What this book covers
Chapter One
Understanding what SQL injection is, and how it happens.
Chapter Two
How to find SQL injection from a web application front end, including how to detect the possible presence of SQL injection, how to confirm that SQL injection is present, and how to automate finding SQL injection.
Chapter Three
How to find SQL injection in software by reviewing the code, both manually and via automation.
Chapter Four
How to exploit SQL injection, including common techniques, UNION and conditional statements, enumerating the schema, stealing password hashes, and automating exploitation.
Chapter Five
How to exploit blind SQL injection, including using time-based, response-based, and alternative channels to return data.
Chapter Six
Exploiting the operating system via SQL injection, including reading and writing files, and executing operating system commands via SQL injection.
Chapter Seven
Advanced exploitation topics, including input filter evasion, exploiting second-order SQL injection, exploiting client-side SQL injection, and executing hybrid attacks via SQL injection.
Chapter Eight
Defending your code against SQL injection, including design-based approaches, use of parameterization, and encoding and validation approaches to avoid SQL injection.
Chapter Nine
Defending your application platform against SQL injection, including use of runtime protections, hardening the database, and secure deployment considerations to mitigate the impact of SQL injection.
Chapter Ten
Confirming and recovering from SQL injection attacks, including how to determine if you've fallen prey to SQL injection, confirming whether the SQL injection was successful, and how to recover if you've been hacked by SQL injection.
Chapter Eleven
References chapter, including a primer on SQL, a SQL injection quick reference for Microsoft SQL Server, Oracle, MySQL, and PostgreSQL, as well as details of SQL injection on other platforms such as DB2, Sybase, Access, and others.